governmentwikiaorg-20200215-history
Talk:2009 Lok Sabha Data Questions
On 31-May-09, at 6:21 PM, Duncan Bayliss wrote: Dear Dr. Nalapat and Dr Saraph, I came across your wiki on electronic voting in the Indian election and it got me thinking. As you undoubtedly know, there are already some interesting analyses on the blogs. This one on the potential methods used seems particularly intriguing. To get a second opinion if this was really possible, I emailed some e-voting experts to see what they though. Below is the reply from Brad Friedman, one of the foremost authorities in e-voting fraud. I thought you might find it of interest. Respectful yours, Duncan C. Bayliss ____ Thanks for touching base, Duncan. Though I'm on deadline for the moment, so can't dig too deeply into this story right now, a cursory look at the type of machines being used in India should certainly give anyone pause about the veracity of any results it produces. As transparency disappears into electrons, the result is purely faith-based elections, based on faith in those who control the election, the equipment and its reported results. Far and away, the easiest way to game such a system is from the inside, by changing the values of the results database itself. Example, a database file that would look not unlike the Excel files you came across. In that way, one needn't risk discovery of a corruption process with a large conspiracy of folks changing votes at single machines/polling places and/or attempting to hack the voting machines themselves. Simply change the main results (best way is to change the number of votes for each candidate, while leaving the total number of votes/voters the same), and without any evidence to counter it -- such as hand-marked, and thus, voter-verified paper ballots and/or precinct-based results counted and posted at the polls before they are sent to the central counting headquarters -- it's virtually impossible to either detect, and even to expose, that sort of manipulation of results. A quick look into the type of machines being used in India brought me to this article by Atul A, who appears to be a computer scientist and/or security expert who had previously studied the specific machines used in India back in 2004. As a computer scientist -- like so many who study the systems in this country -- while he finds enormous security issues in the system, he believes there may be a way to change that system for better security. Many scientists in this country either feel that way now, or once did, before spending time trying to solve those security problems and finding that there really is no known solution beyond voter-marked paper ballots, counted publicly at the polling place (with results posted publicly, right there), before those physical ballots are moved anywhere. That decentralized, citizen-overseen counting makes it very difficult to get away with gaming the results, since so many people are watching, and it would require a rather large conspiracy to effectively change the results of an election. Atul A goes on to suggest ways in which the system could be improved, but while I disagree with him, those points are largely beyond the scope of your concerns for the moment. What he says about the machines themselves is more to the point, even though, as mentioned above, the largest concern is at the central point where the results are collected, and where they can be changed entirely with just a few keystrokes, rather than with the voting machines themselves. That said, the machines themselves are also a point of possible access for bad guys, and can allow for a virus to be introduced at any point, that can then find its way back to the central tabulator, and affect the entire election. We saw an example of that when I gave a Diebold touch-screen (DRE) system, given to me by an insider source, to Princeton to study. The scientists there were quickly able to introduce a vote-flipping virus which could change votes on the machine, but also pass itself from machine to machine, once infected, and flip an entire election. Without any evidence (as described above) to counter that flipped information, there is little chance that the hack would ever or even could ever be detected. In any case, here's the key points that Atul A makes, in the article mentioned and linked above, about his concerns about the voting machines themselves. And on these points, he's right on the money as far as I can tell: :The entire process may be hacked into, knowing that corruption in India is a legendary phenomenon and people can be bribed to circumvent any law. :... :since there are no papers (ballot papers) to authenticate anything, the security flaws (and mis-adventures of the entire system) can not be detected. :... :Also, let me bring out some more simple hacks, from amongst the ones I can think of : : :(a) The software checks for specific number of votes and then starts directing the count for a specific candidate. :(b) The polling officer casts votes in connivance with local polling booth operators/observers. :© During vote counting, the software reads out value of casted votes favoring some one, which may be different from the votes casted for the contestant. :... :I seriously doubt that the EVMs have enough security, internally and externally. ECI should have redrawn the entire process, and should have put extra security elements into the process. :... :My contention is that there are hundreds of ways to hack into the Indian voting system. I would agree with his assertion that "there are hundreds of ways to hack into the Indian voting system". He has mentioned just a few, I have mentioned above the much more direct way (straight into the central tabulator results file), and could list dozens and dozens more for you, once I was able to look directly at the architecture of the system used in India. At the end of your note, you specifically ask me: Any idea what this could all mean? And if there were irregularities, how they could have been done? What should be done next ? If you think the data warrants it, I don't suppose it is something you want to investigate? If it's true, it is most serious. To hit those questions one at a time: *Any idea what this could all mean? : Since there is no transparency in the system, it could mean that the entire election was gamed, and there would be little chance for detecting it unless a complete, independent forensic examination -- with access to all data, source code, machines, data cartridges and full voting records -- was carried out. Even then, depending on how the system was manipulated, and how well the architecture might allow discovery of such manipulation afterwards (and how careless the manipulators were), it could still be impossible to discover. *And if there were irregularities, how they could have been done? : See above as to how "irregularities" could have been done. There are hundreds of ways, the simplest and most direct (changing vote totals directly, by someone on the inside) is the "best" way. *What should be done next ? If you think the data warrants it, I don't suppose it is something you want to investigate? : The data always warrants it, when you have a system that is fully faith-based, as the Indian system seems to be. If it is known that nobody will be investigating the data, ever, than there are absolutely no checks and balances in place to keep someone from manipulating it. As to my carrying out the investigation, it's far beyond the scope of one person, in a different country. While I (and you, and many others) could look around for details which suggest irregularities, only a first-hand, forensic investigation of everything can get anywhere close to a conclusive finding one way or another. To do that, it'll take a popular outcry, transparency by the government/controlling body of the election, full disclosure of everything, and then the best of luck in being able to put the pieces together to figure out what may have happened. This is precisely the danger of relying on this kind of system for democracy. Ever! *If it's true, it is most serious. : It's most serious, even if it isn't true. Concerns about the reliability of democracy, and loss of confidence in the process (in this case, for very good reason!) present a very serious threat -- in and of itself -- to democracy. That is true whether or not an election has been gamed or not. Without confidence in the democracy, democracy itself begins to crumble, and is severely threatened. Hope those thoughts are useful, and that you'll feel free to touch base if I can help with any more thoughts (though, as noted at the top, I'm on a book deadline the next several days, and can only respond cursorily to some of these matters, without fully digging into them.) I can also point you to other experts who may be useful as well. Though they will likely share similar thoughts, and without actual funding of some type folks to assist in a full investigation, only opinions such as the above can largely be offered by most of those folks, I'd guess. Brad :This is great work. Democracy must be saved and restored. We must Review the 2009 Lok Sabha Election Process: Promises and Reality immediately. :--Devlem 15:06, 8 June 2009 (UTC) See Also * Election Fraud EVM Hacking Here are some videos of EVM Hacking in India. Video:Kalpesh Sharma proves LIVE on AIR by modifying program of the Electronic Voting Machine|Hacking the Indian EVM on TV Video:changing the ROMs of a Nedap e-voting computer in 60 seconds|Changing the ROMs of a Nedap e-voting computer in 60 seconds Video:Another Example of the 1 Minute E Voting Machine Hack|Another 1 minute hack Video:Electronic Voting Machines|A case against EVM's -Ewatch 13:54, 13 July 2009 (UTC)